Updated VSA CORE Questionnaire Now Available on Whistic

December 18, 2019

The Vendor Security Alliance, long one of the forerunners in vendor risk assessments and security questionnaires, released their newest questionnaire update — the VSA CORE. As an assessment built and managed by the VSA itself, the VSA CORE questionnaire is heavily focused on vendor security partnerships and the ongoing risk levels present in cybersecurity.

Prior to releasing VSA CORE, the Vendor Security Alliance released annual updates to its VSA FULL questionnaire, making it one of the timeliest assessments available in cybersecurity. Heading into 2020, two of the biggest concerns for many security and InfoSec professionals are CCPA and GDPR regulations. Instead of removing these sectors altogether, the VSA CORE questionnaire includes sections on both CCPA and GDPR to ensure vendor alliances remain compliant even in the absence of full questionnaires.

The VSA CORE questionnaire follows in the footsteps of other often-used risk assessments like CAIQ and SIG to cut down lengthy, often tedious questions to a core group of focused security insights. Many InfoSec teams use core or lite assessments to:

  • Quickly identify if there are gaps in a security partnership
  • Increase efficiency and speed of data security resources
  • Identify whether or not further assessments are needed to dig deeper into security gaps

The CAIQ-Lite and SIG-Lite questionnaires are now two of the most often used questionnaires on the Whistic platform thanks to their ease of use, and the VSA CORE questionnaire is sure to be in that same conversation.

While many cybersecurity teams have been relying on manual data gathering and spreadsheets to fill out these lengthy questionnaires for years, the Whistic platform is providing a streamlined, secure way to easily store and manage security profiles to quickly respond to and send out security questionnaires. With the addition of the VSA CORE questionnaire to Whistic’s already large library of available questionnaires, security teams can cut back on manual processes even more.

You can access the VSA CORE assessment through your Whistic profile now.

cybersecurity whistic vendor security alliance vsa core vsa

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.